VPN Bridge Works in windows but not in Linux!



  • Please Help!

    I have set up an OpenVPN bridge and it works great in Windows (XP, Vista, Win7), but it keeps giving me errors in Linux. Any ideas?

    Server Conf

    # OpenVPN server configuration for a layer-2 (TAP) VPN; the ifconfig output
    # further down shows ovpns1 bridged with em0 in bridge0.
    dev ovpns1
    dev-type tap
    dev-node /dev/tap1
    writepid /var/run/openvpn_server1.pid
    # NOTE(review): the privilege drop is commented out, so the daemon and every
    # script it calls (up/down, auth-user-pass-verify, tls-verify) keep the
    # privileges OpenVPN was started with - presumably root; confirm.
    #user nobody
    #group nobody
    # Level 3 is the highest script-security level: it additionally allows
    # passwords to be handed to scripts through environment variables, which
    # the "via-env" method below depends on.
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    # Data-channel cipher; the client config lists the same value.
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 74.91.109.99
    engine cryptodev
    tls-server
    mode server
    # The authenticated username replaces the certificate CN as the client's
    # identity inside OpenVPN.
    username-as-common-name
    # The user's credentials are passed to this script in its environment.
    # NOTE(review): "via-file" is the alternative method that avoids putting
    # the password in the process environment - check whether the script
    # supports it.
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    # Custom script run for each certificate in the client's chain (the server
    # log shows it reporting depth 1 and depth 0).
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    # Management interface on a unix socket with no password file given here.
    # NOTE(review): access then rests on the socket's filesystem permissions -
    # verify them.
    management /var/etc/openvpn/server1.sock unix
    max-clients 25
    push "dhcp-option DNS 172.28.0.1"
    push "dhcp-option DNS 172.28.6.13"
    # Asks clients to send all traffic through the VPN. The Linux client log
    # reports it cannot apply this because no VPN gateway (--route-gateway or
    # --ifconfig) is known; nothing in this file pushes one.
    push "redirect-gateway def1"
    # Client-to-client frames are forwarded inside OpenVPN itself, so they do
    # not pass through the host's packet filter.
    client-to-client
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    # NOTE(review): the file name suggests 1024-bit DH parameters, which is
    # below what is recommended today (2048 bits or more) - confirm the size.
    dh /etc/dh-parameters.1024
    # Certificates listed in this CRL are rejected.
    crl-verify /var/etc/openvpn/server1.crl-verify
    # HMAC authentication of control-channel packets; key direction 0 here
    # pairs with direction 1 in the client config.
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    # NOTE(review): compression applied before encryption can leak information
    # about the plaintext, and later OpenVPN releases deprecate comp-lzo. It has
    # to be changed on server and client together.
    comp-lzo
    persist-remote-ip
    # Lets an authenticated peer change its source address/port mid-session.
    float

    Server ifconfig -a

    re0: flags=8843 <up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    options=389b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_ucast,wol_mcast,wol_magic>
    ether 38:60:77:c5:de:51
    inet 74.91.109.99 netmask 0xfffffffc broadcast 74.91.109.100
    inet6 fe80::3a60:77ff:fec5:de51%re0 prefixlen 64 scopeid 0x1
    nd6 options=3 <performnud,accept_rtadv>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    options=2098 <vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>
    ether 00:1b:21:b0:86:15
    inet 172.28.0.1 netmask 0xffff0000 broadcast 172.28.255.255
    inet6 fe80::21b:21ff:feb0:8615%em0 prefixlen 64 scopeid 0x2
    inet 172.28.6.13 netmask 0xffffffff broadcast 172.28.6.13
    inet 172.28.6.14 netmask 0xffffffff broadcast 172.28.6.14
    nd6 options=3 <performnud,accept_rtadv>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    lo0: flags=8049 <up,loopback,running,multicast> metric 0 mtu 16384
    options=3 <rxcsum,txcsum>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    nd6 options=3 <performnud,accept_rtadv>
    pfsync0: flags=0<> metric 0 mtu 1460
    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100 <promisc> metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    bridge0: flags=8843 <up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    ether 4a:17:42:20:9d:1e
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ovpns1 flags=143 <learning,discover,autoedge,autoptp>
    ifmaxaddr 0 port 8 priority 128 path cost 2000000
    member: em0 flags=143 <learning,discover,autoedge,autoptp>
    ifmaxaddr 0 port 2 priority 128 path cost 2000000
    ovpns1: flags=8943 <up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    options=80000 <linkstate>
    ether 00:bd:b8:3e:00:01
    inet6 fe80::2bd:b8ff:fe3e:1%ovpns1 prefixlen 64 scopeid 0x8
    nd6 options=3 <performnud,accept_rtadv>
    Opened by PID 13857
    tun1: flags=8010 <pointopoint,multicast> metric 0 mtu 1500
    options=80000 <linkstate>

    Server Log

    May 23 10:55:29 openvpn[58493]: djackson/75.100.124.99:5892 send_push_reply(): safe_cap=960
    May 23 10:55:27 openvpn: user djackson authenticated
    May 23 10:55:27 openvpn: : Logged in successfully as djackson via LDAP server Dougs_LDAP with DN = uid=djackson,ou=people,dc=tcsbasys,dc=com.
    May 23 10:55:27 openvpn: : Now Searching in server Dougs_LDAP, container ou=people,dc=tcsbasys,dc=com with filter (uid=djackson).
    May 23 10:55:27 openvpn: : Now Searching for djackson in directory.
    May 23 10:55:26 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=User-ca with depth 0
    May 23 10:55:26 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=VPN-ca with depth 1
    May 23 10:54:06 openvpn[58493]: djackson/75.100.124.90:5892 send_push_reply(): safe_cap=960
    May 23 10:54:05 openvpn: user djackson authenticated
    May 23 10:54:05 openvpn: : Logged in successfully as djackson via LDAP server Dougs_LDAP with DN = uid=djackson,ou=people,dc=tcsbasys,dc=com.
    May 23 10:54:05 openvpn: : Now Searching in server Dougs_LDAP, container ou=people,dc=tcsbasys,dc=com with filter (uid=djackson).
    May 23 10:54:05 openvpn: : Now Searching for djackson in directory.
    May 23 10:54:04 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=User-ca with depth 0
    May 23 10:54:04 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=VPN-ca with depth 1

    Client Conf

    # OpenVPN client configuration for the TAP (bridged) VPN at 74.91.109.99:1194.
    dev tap
    persist-tun
    persist-key
    proto udp
    # Must match the server's data-channel cipher (the server config uses the
    # same value).
    cipher AES-128-CBC
    tls-client
    client
    resolv-retry infinite
    remote 74.91.109.99 1194
    # Accept the server only if its certificate name matches "User-ca"; the
    # client log prints a warning about the semantics of this option.
    # NOTE(review): no remote-cert-tls / ns-cert-type line is present, so this
    # name match is the only server-identity check visible here. Later OpenVPN
    # releases replace tls-remote with verify-x509-name.
    tls-remote User-ca
    # Prompt for username/password at connect time. The client log warns the
    # password may stay cached in memory unless auth-nocache is set.
    auth-user-pass
    # Client certificate and private key bundle. The client log warns this file
    # is group/other accessible - restrict it to the owner.
    pkcs12 pfsense-udp-1194.p12
    # Shared control-channel HMAC key, direction 1 to pair with the server's 0.
    # The client log gives the same group/other-accessible warning for this file.
    tls-auth pfsense-udp-1194-tls.key 1
    # Has to match the server's compression setting.
    comp-lzo

    Client Log

    nin@Bushi /etc/openvpn $ sudo openvpn --config pfsense-udp-1194.ovpn
    [sudo] password for ronin:
    Wed May 23 10:39:52 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
    Enter Auth Username:djackson
    Enter Auth Password:
    Wed May 23 10:39:58 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed May 23 10:39:58 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Wed May 23 10:39:58 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed May 23 10:39:58 2012 WARNING: file 'pfsense-udp-1194.p12' is group or others accessible
    Wed May 23 10:39:58 2012 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
    Wed May 23 10:39:58 2012 WARNING: file 'pfsense-udp-1194-tls.key' is group or others accessible
    Wed May 23 10:39:58 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
    Wed May 23 10:39:58 2012 LZO compression initialized
    Wed May 23 10:39:58 2012 UDPv4 link local (bound): [undef]
    Wed May 23 10:39:58 2012 UDPv4 link remote: [AF_INET]74.91.109.99:1194
    Wed May 23 10:39:58 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed May 23 10:39:59 2012 [User-ca] Peer Connection Initiated with [AF_INET] 74.91.109.99:1194
    Wed May 23 10:40:01 2012 TUN/TAP device tap0 opened
    Wed May 23 10:40:01 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
    Wed May 23 10:40:01 2012 Initialization Sequence Completed

